• Classroom
  • Online, Instructor-Led

Event Monitoring and Incident Detection, part of our Incident Response series, will help students develop the professional competencies to detect intrusions, determine the nature of security events, and initiate critical first response for security incidents. It will also help to build important technical skills through several labs, tabletop exercises, and case-study based activities.

The goals of this 3-day course are to examine the Incident Response Life Cycle, determine the existence of security events, and implement the Computer Security Incident Response Team (CSIRT) Services Framework, to contain, eradicate, and remediate threats. This course is for anyone interested in learning about the initial phases of Cyber Incident Response handling. This course will also help the learner understand how to approach security incidents while working in an organization.

Learning Objectives

  • Describe the requirements for technical and functional preparation for Incident Response
  • Identify attack surfaces to be covered by an Incident Response Plan
  • Compare tools and processes used to monitor cyber activities
  • Construct a baseline of “normal” cyber traffic
  • Interpret data and logs of activity
  • Examine network traffic for evidence of anomalies
  • Collect evidence of anomalous activity
  • Explain the purposes of triage in incident response
  • Apply the MITRE ATT&CK matrix to anomalous activity observed
  • Construct security event timelines
  • Determine if incident escalation is appropriate
  • Report actionable data in a timely, clear, concise, and accurate manner
  • Apply playbooks in the incident response process

Framework Connections

The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):